{"id":21516420,"url":"https://github.com/voidsec/solarputtydecrypt","last_synced_at":"2025-04-09T20:42:48.996Z","repository":{"id":40902107,"uuid":"206334747","full_name":"VoidSec/SolarPuttyDecrypt","owner":"VoidSec","description":"A post-exploitation tool to decrypt SolarPutty's sessions files","archived":false,"fork":false,"pushed_at":"2022-12-08T06:27:13.000Z","size":79,"stargazers_count":35,"open_issues_count":1,"forks_count":4,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-23T22:38:08.269Z","etag":null,"topics":["decrypt","exploit","forensics","postexploit","postexplotation","sessions","solarputty"],"latest_commit_sha":null,"homepage":"https://voidsec.com/","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/VoidSec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-09-04T14:10:06.000Z","updated_at":"2025-02-16T03:34:26.000Z","dependencies_parsed_at":"2023-01-24T16:30:56.203Z","dependency_job_id":null,"html_url":"https://github.com/VoidSec/SolarPuttyDecrypt","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VoidSec%2FSolarPuttyDecrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VoidSec%2FSolarPuttyDecrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VoidSec%2FSolarPuttyDecrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VoidSec%2FSolarPuttyDecrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/VoidSec","download_url":"https://codeload.github.com/VoidSec/SolarPuttyDecrypt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248110205,"owners_count":21049452,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["decrypt","exploit","forensics","postexploit","postexplotation","sessions","solarputty"],"created_at":"2024-11-24T00:21:00.692Z","updated_at":"2025-04-09T20:42:48.976Z","avatar_url":"https://github.com/VoidSec.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SolarPuTTYDecrypt\nA post-exploitation/forensics tool to decrypt SolarPuTTY's sessions files\n\n*Author:* Paolo Stagno ([@Void_Sec](https://twitter.com/Void_Sec) - [voidsec.com](https://voidsec.com))\n\n## Intro:\n\nIn September 2019 I found some bad design choices (vulnerability?) in SolarWinds [SolarPuTTY](https://www.solarwinds.com/free-tools/solar-putty) software. It allows an attacker to recover SolarPuTTY's stored sessions from a compromised system.\n\nThis vulnerability was leveraged to targets all SolarPuTTY versions \u003c= 4.0.0.47\n\nI've made this detailed [blog post](https://voidsec.com/solarputtydecrypt/) explaining the \"vulnerability\".\n\n## Usage:\nBy default, when runned without arguments, the tool attempts to dump the local SolarPuTTY's sessions file (%appdata%\\SolarWinds\\FreeTools\\Solar-PuTTY\\data.dat).\n\nOtherwise the tool can be pointed to an arbitrary exported sessions file in the following way (use \"\" for empty password):\n```\nSolarPuttyDecrypt.exe C:\\Users\\test\\session.dat Pwd123!\n```\nSessions will be outputted on screen and saved into User's Desktop (%userprofile%\\desktop\\SolarPutty_sessions_decrypted.txt)\n\n![SolarPuttyDecrypt](solarputtydecrypt.png)\n\n### Help Needed\n\nSearching for someone interested into helping me adding the decryption routine to the [Metasploit post-exploitation module](solar_putty.rb).","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvoidsec%2Fsolarputtydecrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvoidsec%2Fsolarputtydecrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvoidsec%2Fsolarputtydecrypt/lists"}